Iterators are a generalization of pointers that allow a C++ program to work with different data structures (containers) in a uniform manner [ISO/IEC 14882-2014]. Pointers, references, and iterators share a close relationship in which it is required that referencing values through such an object must be done through a valid value. Storing an iterator, reference, or pointer to an element within a container for any length of time comes with a risk that the underlying container may be modified such that the stored value is invalidated. For instance, when a sequence container such as std::vector requires an underlying reallocation, outstanding iterators and references will be invalidated [Kalev 99]. Only use Use only a valid pointer, reference, or iterator to refer to an element of a container.
...
The following container functions can invalidate iterators, references, and/or pointers under certain circumstances:
| Class | Function | Iterators | References | Pointers | Notes |
|---|---|---|---|---|---|
std::deque | |||||
insert(), emplace_front(), emplace_back(),emplace(), push_front(), push_back() | X | X | An insertion in the middle of the deque invalidates all the iterators and references to elements of the deque. An insertion at either end of the deque invalidates all the iterators to the deque , but has no effect on the validity of references to elements of the deque. ([deque.modifiers], paragraph 1) | ||
erase(), pop_back(), resize() | X | X | An erase operation that erases the last element of a deque invalidates only the past-the-end iterator and all iterators and references to the erased elements. An erase operation that erases the first element of a deque but not the last element invalidates only the erased elements. An erase operation that erases neither the first element nor the last element of a deque invalidates the past-the-end iterator and all iterators and references to all the elements of the deque. ([deque.modifiers], paragraph 4) | ||
clear() | X | X | X | Destroys all elements in | |
std::forward_list | |||||
erase_after(), pop_front(), resize() | X | X | ...erase_after shall invalidate only iterators and references to the erased elements. ([forwardlist.modifiers], paragraph 1) | ||
remove(), unique() | X | X | Invalidates only the iterators and references to the erased elements. ([forwardlist.ops], paragraph 12 & paragraph 16) | ||
clear() | X | X | X | Destroys all elements in a. Invalidates all references, pointers, and iterators referring to the elements of a and may invalidate the past-the-end iterator. ([sequence.reqmts], Table 100) | |
std::list | |||||
erase(), pop_front(), pop_back(), clear(), remove(), remove_if(), unique() | X | X | Invalidates only the iterators and references to the erased elements. ([list.modifiers], paragraph 3 and [list.ops], paragraph 15 & paragraph 19) | ||
clear() | X | X | X | Destroys all elements in a. Invalidates all references, pointers, and iterators referring to the elements of a and may invalidate thepast-the-end iterator. ([sequence.reqmts], Table 100) | |
std::vector | |||||
reserve() | X | X | X | After reserve(), capacity() is greater or equal to the argument of reserve if reallocation happens; and equal to the previous value of capacity() otherwise. Reallocation invalidates all the references, pointers, and iterators referring to the elements in the sequence. ([vector.capacity], paragraph 3 & paragraph 6) | |
insert(), emplace_back(), emplace(), push_back() | X | X | Causes reallocation if the new size is greater than the old capacity. If no reallocation happens, all the iterators and references before the insertion point remain valid. ([vector.modifiers], paragraph 1). All iterators and references after the insertion point are invalidated. | ||
erase(), pop_back(), resize() | X | X | Invalidates iterators and references at or after the point of the erase. ([vector.modifiers], paragraph 3) | ||
clear() | X | X | X | Destroys all elements in a. Invalidates all references, pointers, and iterators referring to the elements of a and may invalidate the past-the-end iterator. ([sequence.reqmts], Table 100) | |
std::set, std::multiset, std::map, std::multimap | |||||
erase(), clear() | X | X | Only invalidates iterators and references to the erased elements. ([associative.reqmts], paragraph 9) | ||
| |||||
erase(), clear() | X | X | Only invalidates iterators and references to the erased elements. ([unord.req], paragraph 14) | ||
insert(), emplace() | X | The insert and emplace members shall not affect the validity of iterators if (N+n) < z * B, where N is the number of elements in the container prior to the insert operation, n is the number of elements inserted, B is the container’s bucket count, and z is the container’s maximum load factor. ([unord.req], paragraph 15) | |||
rehash(), reserve() | X | Rehashing invalidates iterators, changes ordering between elements, and changes which buckets elements appear in, but does not invalidate pointers or references to elements. ([unord.req], paragraph 9) | |||
std::valarray | resize() | X | X | Resizing invalidates all pointers and references to elements in the array. ([valarray.members], paragraph 12) |
...
In this noncompliant code example, pos is invalidated after the call to insert(), and subsequent loop iterations have undefined behavior:
| Code Block | ||||
|---|---|---|---|---|
| ||||
#include <deque>
void f(const double *items, std::size_t count) {
std::deque<double> d;
auto pos = d.begin();
for (std::size_t i = 0; i < count; ++i, ++pos) {
d.insert(pos, items[i] + 41.0);
}
} |
...
This compliant solution replaces the hand-written handwritten loop with the generic STL standard template library algorithm std::transform. The call to std::transform accepts the range of elements to transform, the location of where to store the transformed values (which, in this case, is a std::inserter object to insert them at the beginning of d), and the transformation function to apply (which, in this case, is a simple lambda).
...
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
CTR51-CPP | High | Probable | High | P6 | L2 |
Automated Detection
Tool | Version | Checker | Description |
|---|---|---|---|
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...